Hi Eric,
On Wed, Jul 27, 2011 at 02:52:46PM -0600, Eric Blake wrote:
[..snip..]
> Pasting from that URL gave awkward results below; can you address my
> comments below, then post a v2 as a proper patch against
> libvirt.git?
Thanks for the review! New version attached.
[..snip..]
> I don't like this part. It is not safe to pass %s as the pathname
> through an additional round of shell parsing, since if the pathname
> has anything that might be construed as shell metacharacters, the
> parse will be destroyed. To some extent, that is already a
> pre-existing bug (slightly mitigated by the fact that 'path' is
> under libvirt's control, and should not be containing arbitrary
> characters unless you passed odd directory choices to ./configure).
Would it make sense to pass such names through something like
g_shell_quote in instead of looking for troublesome characters? This
could be done using virBufferQuotedString? I'll post a patch for review
tomorrow.
Cheers,
-- Guido